Status of this Memo

This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

This Internet-Draft will expire on December 20, 2002.

Copyright Notice

Copyright (C) The Internet Society (2002). All Rights Reserved.

Abstract

This document describes the core features of the eXtensible Messaging and Presence Protocol (XMPP), which is used by numerous applications that are compatible with the open-source Jabber instant messaging system.

Table of Contents

1.  Introduction
1.1  Overview
1.2  Conventions Used in this Document
1.3  Discussion Venue
1.4  Intellectual Property Notice
2.  Generalized Architecture
2.1  Overview
2.2  Host
2.3  Node
2.4  Service
2.4.1  Gateway
2.5  Network
3.  Addressing Scheme
3.1  Overview
3.2  Domain Identifier
3.3  Node Identifier
3.4  Resource Identifier
3.5  URIs
4.  XML Streams
4.1  Overview
4.2  Scope
4.3  Restrictions
4.4  Elements and Attributes
4.5  Stream Errors
4.6  Example
4.7  DTD
4.8  Schema
5.  Stream Authentication
5.1  SASL Authentication
5.1.1  Overview
5.1.2  Example
5.1.3  DTD
5.1.4  Schema
5.2  Dialback Authentication
5.2.1  Dialback Protocol
6.  Common Data Elements
6.1  Overview
6.2  The Message Element
6.2.1  Attributes
6.2.2  Children
6.2.3  DTD
6.2.4  Schema
6.3  The Presence Element
6.3.1  Attributes
6.3.2  Children
6.3.3  DTD
6.3.4  Schema
6.4  The IQ Element
6.4.1  Overview
6.4.2  Attributes
6.4.3  Children
6.4.4  DTD
6.4.5  Schema
7.  XML Usage within XMPP
7.1  Overview
7.2  Namespaces
7.3  Validation
7.4  Extended Namespaces
7.5  Handling of Extended Namespaces
8.  Security Considerations
8.1  Node-to-Host Communications
8.2  Host-to-Host Communications
8.3  Use of SASL
§  References
§  Authors' Addresses
A.  Standard Error Codes
B.  IANA Considerations
§  Full Copyright Statement

1. Introduction

1.1 Overview

The eXtensible Messaging and Presence Protocol (XMPP) is an open, XML-based protocol for near-real-time messaging and presence. Currently, there exist multiple implementations of the protocol, mostly offered under the name of Jabber. In addition, there are countless deployments of these implementations, which provide instant messaging and presence services at thousands of domains to millions of end users. The current document defines the core constituents of XMPP; the specific protocols necessary to provide basic instant messaging and presence functionality are defined in XMPP IM[2].

1.2 Conventions Used in this Document

The capitalized key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119[1].

1.3 Discussion Venue

The authors welcome discussion and comments related to the topics presented in this document, preferably on the "jabber-ietf@jabber.org" mailing list (archives and subscription information are available at http://www.jabber.org/cgi-bin/mailman/listinfo/jabber-ietf/).

1.4 Intellectual Property Notice

This document is in full compliance with all provisions of Section 10 of RFC 2026. Parts of this specification use the term "jabber" for identifying URI schemes, namespaces, and other protocol syntax. Jabber[tm] is a trademark of Jabber, Inc. If the IETF places this document, or a successor document, on the standards track, then Jabber, Inc. grants permission for use of the trademark "Jabber" in association with that specification.

2. Generalized Architecture

2.1 Overview

Although XMPP is not wedded to any specific network architecture, to this point it has usually been implemented via a typical client-server architecture, wherein a client utilizing XMPP accesses a server over a TCP[4] socket. While it can be helpful to keep that specific architecture in mind when seeking to understand XMPP, we have herein abstracted from any specific architecture and have described the architecture in a more generalized fashion.

The following diagram provides a high-level overview of this generalized architecture (where "-" represents communications that use XMPP and "=" represents communications that use any other protocol).

Connection Map

The symbols are as follows:

• N1, N2, N3 - Nodes on the Jabber network
• H1, H2 - Hosts on the Jabber network
• S1, S2 - Services that add functionality to a primary host
• G1 - A gateway that translates between XMPP and the protocol(s) used on a foreign messaging network
• F1 - A foreign messaging network
• C1 - A client on a foreign messaging network

2.2 Host

A host acts as an intelligent abstraction layer for XMPP communications. Its primary responsibility is to manage connections from or sessions for other entities (authorized nodes, services, and other hosts) and to route appropriately-addressed XML data among such entities. Most XMPP-compliant (Jabber) hosts also assume responsibility for the storage of data that is used by nodes or services (e.g., the contact list for each IM user, called a "roster"); in this case, the XML data is processed directly by the host itself on behalf of the node or service and is not routed to another entity.

2.3 Node

Most nodes connect directly to a host over a TCP socket and use XMPP to take full advantage of the functionality provided by a host and its associated services. (Clients on foreign messaging networks are also part of the architecture, made accessable via a gateway to that network.) Multiple resources (e.g., devices or locations) MAY connect simultaneously to a host on behalf of each authorized node, with each resource connecting over a discrete TCP socket and differentiated by the resource identifier of a JID (e.g., node@host/home vs. node@host/work). The port assigned by the IANA[5] for connections between a node and a host is 5222. For further details about node-to-host communications for the purpose of instant messaging and presence, refer to XMPP IM[2].

2.4 Service

In addition to the basic functionality provided by a host, additional functionality is made possible by connecting trusted services to a host. Examples include multi-user chat (a.k.a. conferencing), real-time alert systems, custom authentication modules, database connectivity, and translation to foreign messaging protocols. There is no set port on which services communicate with hosts; this is left up to the administrator of the service or host.

2.4.1 Gateway

A gateway is a special-purpose service whose primary function is to translate XMPP into the protocol(s) of another messaging system, as well as translate the return data back into XMPP. Examples are gateways to Internet Relay Chat (IRC), Short Message Service (SMS), SMTP, and foreign instant messaging networks such as Yahoo!, MSN, ICQ, and AIM.

2.5 Network

Because each host is identified by a network address (typically a DNS hostname) and because host-to-host communications are a simple extension of the node-to-host protocol, in practice the system consists of a network of hosts that inter-communicate. Thus node-a@host1 is able to exchange messages, presence, and other information with node-b@host2. This pattern is familiar from messaging protocols (such as SMTP) that make use of network addressing standards. The usual method for providing a connection between two hosts is to open a TCP socket on the IANA-assigned port 5269 and negotiate a connection using the Dialback Protocol.

3. Addressing Scheme

3.1 Overview

Any entity that can be considered a network endpoint (i.e., an ID on the network) and that can communicate using XMPP is considered a Jabber Entity. All such entities are uniquely addressable in a form that is consistent with the URI specification[11]. In particular, a valid Jabber Identifier (JID) contains a set of ordered elements formed of a domain identifier, node identifier, and resource identifier in the following format: [node@]domain[/resource].

All JIDs are based on the foregoing structure. The most common use of this structure is to identify an IM user, the host to which the user connects, and the user's active session or connection in the form of user@host/resource. However, other nodes are possible; for example, room-name@conference-service is a specific conference room that is offered by a multi-user chat service.

3.2 Domain Identifier

The domain identifier is the primary identifier and is the only required element of a JID (a simple domain identifier is a valid JID). It usually represents the network gateway or "primary" host to which other entities connect for XML routing and data management capabilities. However, the entity referenced by a domain identifier is not always a host, and may be a service that is addressed as a subdomain of a host and that provides functionality above and beyond the capabilities of a host (e.g., a multi-user chat service or a gateway to a foreign messaging system).

The domain identifier for every host or service that will communicate over a network SHOULD resolve to a Fully Qualified Domain Name, and a domain identifier SHOULD conform to RRC 952[6] and REF 1123[7]. Specifically, it is case-insensitive 7-bit ASCII and is limited to 255 bytes.

3.3 Node Identifier

The node identifier is an optional secondary identifier. It usually represents the entity requesting and using network access provided by the host (e.g., a client), although it can also represent other kinds of entities (e.g., a multi-user chat room associated with a conference service). The entity represented by a node identifier is addressed within the context of a specific domain. Node identifiers are restricted to 256 bytes. A node identifier may contain any Unicode character higher than #x20 with the exception of the following:

• #x22 (")
• #x26 (&)
• #x27 (')
• #x3A (:)
• #x3C (<)
• #x3E (>)
• #x40 (@)
• #x7F (del)
• #xFFFE (BOM)
• #xFFFF (BOM)

Case is preserved, but comparisons are made in case-normalized canonical form.

3.4 Resource Identifier

The resource identifer is an optional third identifier. It represents a specific session, connection (e.g., a device or location), or object (e.g., a participant in a multi-user chat room) belonging to a node. A node may maintain multiple resources simultaneously. A resource identifier is restricted to 256 bytes in length. A resource identifier MAY include any Unicode character greater than #x20, except #xFFFE and #xFFFF; if the Unicode character is a valid XML character as defined in Section 2.2 of the XML 1.0 specification[8], it MUST be suitably escaped for inclusion within an XML stream. Resource identifiers are case sensitive.

3.5 URIs

Full conformance with RFC 2396[11] would be valuable. This would most likely be effected through use of the 'im:' and 'pres:' URI schemes, resulting in URIs of the form "im:node@host" for exchanging instant messages and "pres:node@host" for exchanging presence. However, the use of such URIs has not yet been standardized.

4. XML Streams

4.1 Overview

Two fundamental concepts make possible the rapid, asynchronous exchange of relatively small payloads of structured information between presence-aware entities: XML streams and, as a result, discrete units of structured information that are referred to as "XML chunks". (Note: in this overview we use the example of communications between a node and host, however XML streams are more generalized and are used for communications between a wide range of entities [see Scope].)

On connecting to a host, a node initiates an XML stream by sending a properly namespaced <stream:stream> tag, and the host replies with a second XML stream back to the node. Within the context of an XML stream, a sender is able to route a discrete semantic unit of structured information to any recipient. This unit of structured information is a well-balanced XML chunk, such as a message, presence, or IQ chunk (a chunk of an XML document is said to be well-balanced if it matches production [43] content of XML 1.0 specification[8]). These chunks exist at the direct child level (depth=1) of the root stream element. The start of any XML chunk is unambiguously denoted by the element start tag at depth=1 (e.g., <presence>) and the end of any XML chunk is unambiguously denoted by the corresponding close tag at depth=1 (e.g., </presence>). Each XML chunk may contain child elements or CDATA sections as necessary in order to convey the desired information from the sender to the recipient. The session is closed at the node's request by sending a closing </stream:stream> tag to the host.

Thus a node's session with a host can be seen as two open-ended XML documents that are built up through the accumulation of the XML chunks that are sent over the course of the session (one from the node to the host and one from the host to the node). In essence, an XML stream acts as an envelope for all the XML chunks sent during a session. We can represent this graphically as follows:

4.2 Scope

XML streams function as containers for any XML chunks sent asynchronously between network endpoints. (We now generalize those endpoints by using the terms "initiating entity" and "receiving entity".) XML streams are used for the following types of communication:

• Node to Host
• Host to Host
• Service to Host

These usages are differentiated through the inclusion of a namespace declaration in the stream from the initiating entity, which is mirrored in the reply from the receiving entity:

• For node-to-host (and by extension host-to-node communications), the namespace declaration is "jabber:client".
• For host-to-host commmunications, the namespace declaration is "jabber:server".
• There are two ways that a service and a host can communicate:
  • The service initiates communications to the host. In this case the namespace declaration is "jabber:component:accept" (since the host "accepts" communications from the service).
  • The host initiates communications to the service. In this case the namespace declaration is "jabber:component:connect" (since the host "connects" to the service).

4.3 Restrictions

XML streams are used to transport a subset of XML. Specifically, XML streams SHOULD NOT contain processing instructions, non-predefined entities (as defined in Section 4.6 of the XML 1.0 specification[8]), comments, or DTDs. Any such XML data SHOULD be ignored.

4.4 Elements and Attributes

The attributes of the stream element are as follows:

• to - The 'to' attribute is normally used only in the XML stream from the initiating entity to the receiving entity, and is set to the JID of the receiving entity. Normally there is no 'to' attribute set in the XML stream by which the receiving entity replies to the initiating entity; however, if a 'to' attribute is included, it SHOULD be ignored.
• from - The 'from' attribute is normally used only in the XML stream from the receiving entity to the initiating entity, and is set to the JID of the receiving entity granting access to the initiating entity. Normally there is no 'from' attribute on the XML stream sent from the initiating entity to the receiving entity; however, if a 'from' attribute is included, it SHOULD be ignored.
• id - The 'id' attribute is normally used only in the XML stream from the receiving entity to the initiating entity. It is a unique identifier created by the receiving entity to function as a session key for the initiating entity's session with the receiving entity. Normally there is no 'id' attribute on the XML stream sent from the initiating entity to the receiving entity; however, if an 'id' attribute is included, it SHOULD be ignored.

We can summarize these values as follows:

The stream element also contains the following namespace declarations:

• xmlns - The 'xmlns' namespace declaration is REQUIRED and is used in both XML streams in order to scope the allowable first-level children of the stream element for both streams. This namespace declaration must be the same for the initiating stream and the responding stream so that both streams are scoped consistently. For allowable values of this namespace declaration, see Scope.
• xmlns:stream - The 'xmlns:stream' namespace declaration is REQUIRED in both XML streams. The value MUST be "http://etherx.jabber.org/streams".

In addition to the common data elements, the stream element MAY also contain <stream:error/> as a child element signifying that a stream-level error has occurred.

4.5 Stream Errors

Errors may occur at the level of the stream. Examples include the sending of invalid XML, the shutdown of a host, an internal server error such as the shutdown of a session manager, and an attempt by a node to authenticate as the same resource that is currently connected. If an error occurs at the level of the stream, the entity (initiating entity or receiving entity) that detects the error should send a stream error to the other entity specifying why the streams are being closed and then send a closing </stream:stream> tag. XML of the following form is sent within the context of an existing stream:

4.6 Example

The following is a simple stream-based session of a node on a host (where the NODE lines are sent from the node to the host, and the HOST lines are sent from the host to the node):

A simple session:

These are in actuality a sending stream and a receiving stream, which can be viewed a-chronologically as two XML documents:

A session gone bad:

4.7 DTD

4.8 Schema

5. Stream Authentication

XMPP includes two methods for enforcing authentication at the level of XML streams. When one entity is already known to another (i.e., there is an existing trust relationship between the entities such as that established when a node registers with a host or an administrator configures a host to trust a service), the preferred method for authenticating streams between the two entities uses an XMPP adaptation of the Simple Authentication and Security Layer (SASL)[9]. When there is no existing trust relationship between the two entities, such trust MAY be established based on existing trust in DNS; the authentication method used when two such entities are hosts is the server dialback protocol that is native to XMPP. Both of these methods are described in this section.

5.1 SASL Authentication

5.1.1 Overview

The Simple Authentication and Security Layer (SASL) provides a generalized method for adding authentication support to connection-based protocols. XMPP uses a generic XML namespace profile for SASL that conforms to section 4 ("Profiling Requirements") of RFC 2222[9] (the namespace identifier for this protocol is http://www.iana.org/assignments/sasl-mechanisms). If an entity (node, host, or service) is capable of authenticating by means of SASL, it MUST include the agreed-upon SASL namespace within the <stream:stream> tag it uses to initiate communications.

The following example shows the use of SASL in node authentication with a host, for which the steps involved are as follows:

• Node requests SASL authentication by including the appropriate namespace declaration (xmlns:sasl='http://www.iana.org/assignments/sasl-mechanisms') in the opening XML stream header sent to the host.
• Host includes the xmlns:sasl namespace declaration in the XML stream header sent in reply to the node.
• Host responds with list of available SASL authentication mechanisms, each of which is a <sasl:mechanism/> element included as a child within a <sasl:mechanisms/> container element that is sent as a first-level child of the <stream:stream/> element.
• Node selects a mechanism by sending a <sasl:auth/> element to the host; this element MAY optionally contain character data.
• If necessary, host challenges the node by sending a <sasl:challenge/> element to the node; this element MAY optionally contain character data.
• Node responds to challenge by sending a <sasl:response/> element to the host; this element MAY optionally contain character data.
• If necessary, host sends more challenges and node sends more responses.

This series of challenge/response pairs continues until one of three things happens:

• Node aborts the handshake by sending a <sasl:abort/> element to the host.
• Host reports failure by sending a <sasl:failure/> element to the node.
• Host reports success by sending a <sasl:success/> element to the node; this element MAY optionally contain character data.

Any character data contained within these elements MUST be encoded using base64.

5.1.2 Example

The following example shows the data flow for a node authenticating with a host using SASL.

Step 1: Node initiates stream to host:

Step 2: Host responds with a stream tag sent to the node:

Step 3: Host informs node of available authentication mechanisms:

Step 4: Node selects an authentication mechanism:

Step 5: Host sends a challenge to the node:

Step 6: Node responds to the challenge:

Step 7: Host sends another challenge to the node:

Step 8: Node responds to the challenge:

Step 9: Host informs node of successful authentication:

Step 9 (alt): Host informs node of failed authentication:

5.1.3 DTD

The DTD for the sasl: namespace is as follows:

5.1.4 Schema

5.2 Dialback Authentication

XMPP includes a protocol-level method for verifying that a connection between two hosts can be trusted. This method is called dialback and is used only within XML streams that are declared under the "jabber:server" namespace.

The dialback protocol is used to prevent spoofing of a particular hostname and sending false data from it. Dialback is made possible by the existence of DNS, since one host can verify that another host which is connecting to it is authorized to represent a given host on the Jabber network. All DNS host resolutions must first resolve the host using an SRV[10] record of _jabber._tcp.host. If the SRV lookup fails, the fallback is a normal A lookup to determine the IP address, using the jabber-server port of 5269 assigned by the Internet Assigned Numbers Authority[5].

Note that the method used to generate and verify the keys used in the dialback protocol must take into account the hostnames being used, along with a secret known only by the receiving host and the random id per stream. Generating unique but verifiable keys is important to prevent common man-in-the-middle attacks and host spoofing.

In the description that follows we use the following terminology:

• Originating Host - the host that is attempting to establish a connection between the two hosts
• Receiving Host - the host that is trying to authenticate that the Originating Host represents the Jabber host which it claims to be
• Authoritative Host - the host which is given when a DNS lookup is performed on the name that the Originating Host initially gave; for simple environments this will be the Originating Host, but it could be a separate machine in the Originating Host's network

The following is a brief summary of the order of events in dialback:

1. Originating Host establishes a connection to Receiving Host.
2. Originating Host sends a 'key' value over the connection to Receiving Host.
3. Receiving Host establishes a connection to Authoritative Host.
4. Receiving Host sends the same 'key' value to Authoritative Host.
5. Authoritative Host replies that key is valid or invalid.
6. Receiving Host tells Originating Host whether it is authenticated or not.

We can represent this flow of events graphically as follows:

5.2.1 Dialback Protocol

The traffic sent between the hosts is as follows:

6. Common Data Elements

6.1 Overview

The common data elements for XMPP communications are <message/>, <presence/>, and <iq/>. These data elements are sent as direct children of the root <stream:stream/> element.

6.2 The Message Element

This section describes the valid attributes and child elements of the message element.

6.2.1 Attributes

A message chunk may possess the following attributes:

• to - Specifies the intended recipient of the message chunk.
• from - Specifies the sender of the message chunk.
• id - An optional unique identifier for the purpose of tracking messages. The sender of the message chunk sets this attribute, which MAY be returned in any replies.
• type - An optional specification of the conversational context of the message. For detailed information about the main use of this attribute, see XMPP IM[2]. If a previously-sent message cannot be processed or delivered, a host SHOULD return that message to the sender in a message of type="error" that contains an <error/> child.

6.2.2 Children

A message chunk MAY contain zero or one of each of the following child elements (which may not contain mixed content):

• body - The textual contents of the message; normally included but not required. The <body/> element MUST NOT have any attributes.
• subject - The subject of the message. The <subject/> element MUST NOT have any attributes.
• thread - A random string that is generated by the sender and that MAY be copied back in replies; it is used for tracking a conversation thread. The <thread/> element MUST NOT have any attributes.
• error - If the message is of type="error", the <message/> chunk MUST include an <error/> child, which in turn MUST have a 'code' attribute corresponding to one of the standard error codes and MAY also contain PCDATA corresponding to a natural-language description of the error.

As previously described under extended namespaces, a message chunk MAY also contain any properly-namespaced child element (other than the common data elements, stream elements, or defined children thereof).

6.2.3 DTD

6.2.4 Schema

6.3 The Presence Element

The <presence/> is used to express an entity's current availability status (offline or online, along with various sub-states of the latter) and communicate that status to other entities. It is also used to negotiate and manage subscriptions to the presence of other entities.

6.3.1 Attributes

A presence chunk MAY possess the following attributes:

• to - Specifies the intended recipient of the presence chunk (if any).
• from - Specifies the sender of the presence chunk.
• id - A unique identifier for the purpose of tracking presence. The sender of the presence chunk sets this attribute, which may be returned in any replies.
• type - Describes the availability state, subscription request, presence request, or error. No 'type' attribute, or inclusion of a type not specified here, implies that the resource is available. The type SHOULD be one of the following:
  • unavailable - Signals that the entity is no longer available for communication.
  • subscribe - The sender wishes to subscribe to the recipient's presence.
  • subscribed - The sender has allowed the recipient to receive their presence.
  • unsubscribe - A notification that an entity is unsubscribing from another entity's presence.
  • unsubscribed - The subscription request has been denied or a previously-granted subscription has been cancelled.
  • probe - A request for an entity's current presence.
  • error - An error has occurred regarding processing or delivery of a previously-sent presence chunk.

6.3.2 Children

A presence chunk may contain zero or one of each of the following child elements:

• show - Describes the availability status of an entity or specific resource. The value SHOULD be one of the following (values other than these four are typically ignored; additional availability types could be defined through a properly-namespaced element of the presence chunk):
  • away - Entity or resource is temporarily away.
  • chat - Entity or resource is free to chat.
  • xa - Entity or resource is away for an extended period (xa = "eXtended Away").
  • dnd - Entity or resource is busy (dnd = "Do Not Disturb").

• status - An optional natural-language description of availability status. Normally used in conjunction with the show element to provide a detailed description of an availability state (e.g., "In a meeting").
• priority - A non-negative integer representing the priority level of the connected resource, with zero as the lowest priority.
• error - If the presence is of type="error", the <presence/> chunk MUST include an <error/> child, which in turn MUST have a 'code' attribute corresponding to one of the standard error codes and MAY also contain PCDATA corresponding to a natural-language description of the error.

As previously described under extended namespaces, a presence chunk MAY also contain any properly-namespaced child element (other than the common data elements, stream elements, or defined children thereof).

6.3.3 DTD

6.3.4 Schema

6.4 The IQ Element

6.4.1 Overview

Info/Query, or IQ, is a simple request-response mechanism. Just as HTTP is a request-response medium, the iq element enables an entity to make a request of, and receive a response from, another entity. The data content of the request and response is defined by the namespace declaration of a direct child element of the iq element.

Most IQ interactions follow a common pattern of structured data exchange such as get/result or set/result:

6.4.2 Attributes

An IQ chunk MAY possess the following attributes:

• to - Specifies the intended recipient of the IQ chunk.
• from - Specifies the sender of the IQ chunk.
• id - An optional unique identifier for the purpose of tracking the request-response interaction. The sender of the IQ chunk sets this attribute, which may be returned in any replies.
• type - The required 'type' attribute specifies a distinct step within a request-response interaction. The value SHOULD be one of the following (all other values are ignored):
  • get - The chunk is a request for information.
  • set - The chunk contains data intended to provide required data, set new values, or replace existing values.
  • result - The chunk is a response to a successful get or set request.
  • error - An error has occurred regarding processing or delivery of a previously-sent get or set.

6.4.3 Children

In the strictest terms, the iq element contains no children since it is a vessel for XML in another namespace. As previously described under extended namespaces, an IQ chunk MAY contain any properly-namespaced child element (other than the common data elements, stream elements, or defined children thereof).

If the IQ is of type="error", the <iq/> chunk MUST include an <error/> child, which in turn MUST have a 'code' attribute corresponding to one of the standard error codes and MAY also contain PCDATA corresponding to a natural-language description of the error.

6.4.4 DTD

6.4.5 Schema

7. XML Usage within XMPP

7.1 Overview

In essence, XMPP core consists of three interrelated parts:

1. XML streams, which provide a stateful means for transporting data in an asynchronous manner from one entity to another
2. stream authentication using SASL authentication or the dialback protocol
3. common data elements (message, presence, and iq), which provide a framework for communications between entities

XML[8] is used to define each of these protocols, as described in detail in the following sections.

In addition, XMPP contains protocol extensions (such as extended namespaces) that address the specific functionality required to create a basic instant messaging and presence application; these non-core protocol extensions are defined in XMPP IM[2].

7.2 Namespaces

XML Namespaces[12] are used within all XMPP-compliant XML to create strict boundaries of data ownership. The basic function of namespaces is to separate different vocabularies of XML elements that are structurally mixed together. Ensuring that XMPP-compliant XML is namespace-aware enables any XML to be structurally mixed with any data element within XMPP. This feature is relied upon frequently within XMPP to separate the XML that is processed by different services.

Additionally, XMPP is more strict about namespace prefixes than the XML namespace specification requires.

7.3 Validation

A host is not responsible for validating the XML elements forwarded to a node; an implementation MAY choose to provide only validated data elements but is not REQUIRED to do so. Nodes and services SHOULD NOT rely on the ability to send data which does not conform to the schemas, and SHOULD ignore any non-conformant elements or attributes on the incoming XML stream.

7.4 Extended Namespaces

While the common data elements defined in this document provide a basic level of functionality for messaging and presence, XMPP uses XML namespaces to extend the common data elements for the purpose of providing additional functionality. Thus a message, presence, or iq element may house an optional element containing content that extends the meaning of the message (e.g., an encrypted form of the message body). In XMPP usage this child element is often the <x/> element (in message and presence chunks) or the <query/> element (in IQ chunks), but it MAY be any element (other than the common data elements, stream elements, or defined children thereof). The child element MUST possess an 'xmlns' namespace declaration (other than those defined for XML streams) that defines all data contained within the child element. Note that the extended namespaces accepted by the Jabber Software Foundation[13] all begin with the string 'jabber:x' or 'jabber:iq' (e.g., jabber:iq:register).

7.5 Handling of Extended Namespaces

Support for extended namespaces is OPTIONAL on the part of any implementation. If an entity does not understand such a child element or its namespace, it must ignore the associated XML data. If an entity receives an IQ chunk in a namespace it does not understand, the entity SHOULD return an IQ chunk of type "error" with an error element of code 400 (bad request). If an entity receives a message or presence chunk that contains XML data in an extended namespace it does not understand, the portion of the chunk that is in the unknown namespace SHOULD be ignored. If an entity receives a message chunk without a <body/> element but with a child element bound by a namespace it does not understand, it MUST ignore that chunk.

8. Security Considerations

8.1 Node-to-Host Communications

The SASL protocol for authenticating XML streams negotiated between a node and a host (defined under SASL Authentication above) provides a reliable mechanism for validating that a node connecting to a host is who it claims to be.

8.2 Host-to-Host Communications

It is OPTIONAL for any given host to communicate with other hosts, and host-to-host communications MAY be disabled by the administrator of any given deployment.

If two hosts would like to enable communications between themselves, they MUST form a relationship of trust at some level, either based on trust in DNS or based on a pre-existing trust relationship (e.g., through exchange of certificates). If two hosts have a pre-existing trust relationship, they MAY use SASL Authentication for the purpose of authenticating each other. If they do not have a pre-existing relationship, they MUST use the Dialback Protocol, which provides a reliable mechanism for preventing the spoofing of hosts.

8.3 Use of SASL

Although service provisioning is a policy matter, at a minimum, all implementations must provide:

for authentication:

the SASL DIGEST-MD5 mechanism

Further, node implementations may choose to offer MIME-based security services providing message integrity and confidentiality, such as OpenPGP[14] or S/MIME[15].

References

Authors' Addresses

Appendix A. Standard Error Codes

A standard error element is used for failed processing of XML chunks. This element is a child of the failed element and MUST include a 'code' attribute corresponding to one of the following error codes.

• 302 (Redirect) - Whereas the HTTP spec contains eight different codes for redirection, XMPP contains only one (which is intended to stand for any redirection error). However, code 302 is being reserved for future functionality and is not implemented at this time.
• 400 (Bad Request) - Code 400 is used to inform a sender that a request could not be understood by the recipient because it cannot be understood. This might be generated when, for example, an entity sends a message that does not have a 'to' attribute, or when a node attempts to authenticate without sending a username.
• 401 (Unauthorized) - Code 401 is used to inform nodes that they have provided incorrect authorization information, e.g., an incorrect password or unknown username when attempting to authenticate with a host.
• 402 (Payment Required) - Code 402 is being reserved for future use and is not in use at this time.
• 403 (Forbidden) - Code 403 is used to inform an entity that the its request was understood but that the recipient is refusing to fulfill it, e.g., if a node attempts to set information (e.g., preferences or profile information) associated with another node.
• 404 (Not Found) - Code 404 is used to inform a sender that no recipient was found matching the JID to which an XML chunk was sent, e.g., if a sender has attempted to send a message to a JID that does not exist. (Note: if the host of the intended recipient cannot be reached, an error code from the 500 series will be sent).
• 405 (Not Allowed) - Code 405 is used when the action requested is not allowed for the JID identified by the 'from' address, e.g., if a node attempts to set the time or version of a host.
• 406 (Not Acceptable) - Code 406 is used when an XML chunk is for some reason not acceptable to a host or other entity. This might be generated when, for example, a node attempts to register with a host using an empty password.
• 407 (Registration Required) - Code 407 is used when a message or request is sent to a service that requires prior registration, e.g., if a node attempts to send a message through a gateway to a foreign messaging system without having first registered with that gateway.
• 408 (Request Timeout) - Code 408 is returned when a recipient does not produce a response within the time that the sender was prepared to wait.
• 500 (Internal Server Error) - Code 500 is used when a host or service encounters an unexpected condition which prevents it from handling an XML chunk from a sender, e.g., if an authentication request is not handled by a host because the password could not be retrieved or if password storage fails when a node attempts to register with a host.
• 501 (Not Implemented) - Code 501 is used when the recipient does not support the functionality being requested by a sender, e.g., if a node sends an authentication request that does not contain the elements defined by at least one of the accepted authentication methods or when a node attempts to register with a host that does not allow registration.
• 502 (Remote Server Error) - Code 502 is used when delivery of an XML chunk fails because of an inability to reach the intended remote host or service. Specific examples of why this code is generated include a failure to connect to the remote host or resolve its hostname.
• 503 (Service Unavailable) - Code 503 is used when a sender requests a service that a recipient is currently unable to handle, usually for temporary reasons, e.g., if a sender attempts to send a message to a recipient that is offline but the recipient's host is not running an offline message storage service.
• 504 (Remote Server Timeout) - Code 504 is used when attempts to contact a remote host timeout, e.g., if an incorrect hostname is specified.

Appendix B. IANA Considerations

The IANA registers "jabber-client" and "jabber-server" as GSS-API[16] service names, as specified in Section 6.1.1.

Full Copyright Statement

Copyright (C) The Internet Society (2002). All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

Funding for the RFC Editor function is currently provided by the Internet Society.